MirrorHub/bitwarden_rs
0
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden synced 2024-11-12 04:52:47 +01:00
Code Issues Releases Wiki Activity
bitwarden_rs/src/db/models/org_policy.rs

323 lines
12 KiB
Rust
Raw Normal View History

Add support for the `Send Options` policy Upstream refs: * https://github.com/bitwarden/server/pull/1234 * https://bitwarden.com/help/article/policies/#send-options
2021-05-12 09:54:28 +02:00
use serde::Deserialize;
Initial version of policies
2020-03-14 13:22:30 +01:00
use serde_json::Value;
use crate::api::EmptyResult;
use crate::db::DbConn;
use crate::error::MapResult;
Add support for the `Send Options` policy Upstream refs: * https://github.com/bitwarden/server/pull/1234 * https://bitwarden.com/help/article/policies/#send-options
2021-05-12 09:54:28 +02:00
use crate::util::UpCase;
Initial version of policies
2020-03-14 13:22:30 +01:00
Add Org user revoke feature This PR adds a the new v2022.8.x revoke feature which allows an organization owner or admin to revoke access for one or more users. This PR also fixes several permissions and policy checks which were faulty. - Modified some functions to use DB Count features instead of iter/count aftwards. - Rearanged some if statements (faster matching or just one if instead of nested if's) - Added and fixed several policy checks where needed - Some small updates on some response models - Made some functions require an enum instead of an i32
2022-08-20 16:42:36 +02:00
use super::{TwoFactor, UserOrgStatus, UserOrgType, UserOrganization};
Initial version of policies
2020-03-14 13:22:30 +01:00
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
db_object! {
Improve sync speed and updated dep. versions Improved sync speed by resolving the N+1 query issues. Solves #1402 and Solves #1453 With this change there is just one query done to retreive all the important data, and matching is done in-code/memory. With a very large database the sync time went down about 3 times. Also updated misc crates and Github Actions versions.
2022-05-04 21:13:05 +02:00
#[derive(Identifiable, Queryable, Insertable, AsChangeset)]
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
#[table_name = "org_policies"]
#[primary_key(uuid)]
pub struct OrgPolicy {
pub uuid: String,
pub org_uuid: String,
pub atype: i32,
pub enabled: bool,
pub data: String,
}
Initial version of policies
2020-03-14 13:22:30 +01:00
}
Add Org user revoke feature This PR adds a the new v2022.8.x revoke feature which allows an organization owner or admin to revoke access for one or more users. This PR also fixes several permissions and policy checks which were faulty. - Modified some functions to use DB Count features instead of iter/count aftwards. - Rearanged some if statements (faster matching or just one if instead of nested if's) - Added and fixed several policy checks where needed - Some small updates on some response models - Made some functions require an enum instead of an i32
2022-08-20 16:42:36 +02:00
// https://github.com/bitwarden/server/blob/b86a04cef9f1e1b82cf18e49fc94e017c641130c/src/Core/Enums/PolicyType.cs
Updated deps and misc fixes and updates - Updated some Rust dependencies - Fixed an issue with CSP header, this was not configured correctly - Prevent sending CSP and Frame headers for the MFA connector.html files. Else some clients will fail to handle these protocols. - Add `unsafe-inline` for `script-src` only to the CSP for the Admin Interface - Updated JavaScript and CSS files for the Admin interface - Changed the layout for showing overridden settings, better visible now. - Made the version check cachable to prevent hitting the Github API rate limits - Hide the `database_url` as if it is a password in the Admin Interface Else for MariaDB/MySQL or PostgreSQL this was plain text. - Fixed an issue that pressing enter on the SMTP Test would save the config. resolves #2542 - Prevent user names larger then 50 characters resolves #2419
2022-06-08 19:46:33 +02:00
#[derive(Copy, Clone, Eq, PartialEq, num_derive::FromPrimitive)]
Initial version of policies
2020-03-14 13:22:30 +01:00
pub enum OrgPolicyType {
TwoFactorAuthentication = 0,
MasterPassword = 1,
PasswordGenerator = 2,
feature: Support single organization policy This adds back-end support for the [single organization policy](https://bitwarden.com/help/article/policies/#single-organization).
2021-09-24 17:55:49 +02:00
SingleOrg = 3,
Add Org user revoke feature This PR adds a the new v2022.8.x revoke feature which allows an organization owner or admin to revoke access for one or more users. This PR also fixes several permissions and policy checks which were faulty. - Modified some functions to use DB Count features instead of iter/count aftwards. - Rearanged some if statements (faster matching or just one if instead of nested if's) - Added and fixed several policy checks where needed - Some small updates on some response models - Made some functions require an enum instead of an i32
2022-08-20 16:42:36 +02:00
// RequireSso = 4, // Not supported
Add support for the Personal Ownership policy Upstream refs: * https://github.com/bitwarden/server/pull/1013 * https://bitwarden.com/help/article/policies/#personal-ownership
2021-01-24 05:50:06 +01:00
PersonalOwnership = 5,
Add support for the Disable Send policy Upstream refs: * https://github.com/bitwarden/server/pull/1130 * https://bitwarden.com/help/article/policies/#disable-send
2021-03-16 10:07:45 +01:00
DisableSend = 6,
Add support for the `Send Options` policy Upstream refs: * https://github.com/bitwarden/server/pull/1234 * https://bitwarden.com/help/article/policies/#send-options
2021-05-12 09:54:28 +02:00
SendOptions = 7,
Add Org user revoke feature This PR adds a the new v2022.8.x revoke feature which allows an organization owner or admin to revoke access for one or more users. This PR also fixes several permissions and policy checks which were faulty. - Modified some functions to use DB Count features instead of iter/count aftwards. - Rearanged some if statements (faster matching or just one if instead of nested if's) - Added and fixed several policy checks where needed - Some small updates on some response models - Made some functions require an enum instead of an i32
2022-08-20 16:42:36 +02:00
// ResetPassword = 8, // Not supported
// MaximumVaultTimeout = 9, // Not supported (Not AGPLv3 Licensed)
// DisablePersonalVaultExport = 10, // Not supported (Not AGPLv3 Licensed)
Add support for the `Send Options` policy Upstream refs: * https://github.com/bitwarden/server/pull/1234 * https://bitwarden.com/help/article/policies/#send-options
2021-05-12 09:54:28 +02:00
}
Add Org user revoke feature This PR adds a the new v2022.8.x revoke feature which allows an organization owner or admin to revoke access for one or more users. This PR also fixes several permissions and policy checks which were faulty. - Modified some functions to use DB Count features instead of iter/count aftwards. - Rearanged some if statements (faster matching or just one if instead of nested if's) - Added and fixed several policy checks where needed - Some small updates on some response models - Made some functions require an enum instead of an i32
2022-08-20 16:42:36 +02:00
// https://github.com/bitwarden/server/blob/5cbdee137921a19b1f722920f0fa3cd45af2ef0f/src/Core/Models/Data/Organizations/Policies/SendOptionsPolicyData.cs
Add support for the `Send Options` policy Upstream refs: * https://github.com/bitwarden/server/pull/1234 * https://bitwarden.com/help/article/policies/#send-options
2021-05-12 09:54:28 +02:00
#[derive(Deserialize)]
#[allow(non_snake_case)]
pub struct SendOptionsPolicyData {
pub DisableHideEmail: bool,
Initial version of policies
2020-03-14 13:22:30 +01:00
}
Add Org user revoke feature This PR adds a the new v2022.8.x revoke feature which allows an organization owner or admin to revoke access for one or more users. This PR also fixes several permissions and policy checks which were faulty. - Modified some functions to use DB Count features instead of iter/count aftwards. - Rearanged some if statements (faster matching or just one if instead of nested if's) - Added and fixed several policy checks where needed - Some small updates on some response models - Made some functions require an enum instead of an i32
2022-08-20 16:42:36 +02:00
pub type OrgPolicyResult = Result<(), OrgPolicyErr>;
#[derive(Debug)]
pub enum OrgPolicyErr {
TwoFactorMissing,
SingleOrgEnforced,
}
Initial version of policies
2020-03-14 13:22:30 +01:00
/// Local methods
impl OrgPolicy {
pub fn new(org_uuid: String, atype: OrgPolicyType, data: String) -> Self {
Self {
uuid: crate::util::get_uuid(),
org_uuid,
atype: atype as i32,
enabled: false,
data,
}
}
Add support for the Personal Ownership policy Upstream refs: * https://github.com/bitwarden/server/pull/1013 * https://bitwarden.com/help/article/policies/#personal-ownership
2021-01-24 05:50:06 +01:00
pub fn has_type(&self, policy_type: OrgPolicyType) -> bool {
self.atype == policy_type as i32
}
Initial version of policies
2020-03-14 13:22:30 +01:00
pub fn to_json(&self) -> Value {
let data_json: Value = serde_json::from_str(&self.data).unwrap_or(Value::Null);
json!({
"Id": self.uuid,
"OrganizationId": self.org_uuid,
"Type": self.atype,
"Data": data_json,
"Enabled": self.enabled,
"Object": "policy",
})
}
}
/// Database methods
impl OrgPolicy {
Async/Awaited all db methods This is a rather large PR which updates the async branch to have all the database methods as an async fn. Some iter/map logic needed to be changed to a stream::iter().then(), but besides that most changes were just adding async/await where needed.
2021-11-16 17:07:55 +01:00
pub async fn save(&self, conn: &DbConn) -> EmptyResult {
Fixed foreign-key (mariadb) errors. When using MariaDB v10.5+ Foreign-Key errors were popping up because of some changes in that version. To mitigate this on MariaDB and other MySQL forks those errors are now catched, and instead of a replace_into an update will happen. I have tested this as thorough as possible with MariaDB 10.5, 10.4, 10.3 and the default MySQL on Ubuntu Focal. And tested it again using sqlite, all seems to be ok on all tables. resolves #1081. resolves #1065, resolves #1050
2020-09-22 12:13:02 +02:00
db_run! { conn:
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
sqlite, mysql {
Fixed foreign-key (mariadb) errors. When using MariaDB v10.5+ Foreign-Key errors were popping up because of some changes in that version. To mitigate this on MariaDB and other MySQL forks those errors are now catched, and instead of a replace_into an update will happen. I have tested this as thorough as possible with MariaDB 10.5, 10.4, 10.3 and the default MySQL on Ubuntu Focal. And tested it again using sqlite, all seems to be ok on all tables. resolves #1081. resolves #1065, resolves #1050
2020-09-22 12:13:02 +02:00
match diesel::replace_into(org_policies::table)
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
.values(OrgPolicyDb::to_db(self))
.execute(conn)
Fixed foreign-key (mariadb) errors. When using MariaDB v10.5+ Foreign-Key errors were popping up because of some changes in that version. To mitigate this on MariaDB and other MySQL forks those errors are now catched, and instead of a replace_into an update will happen. I have tested this as thorough as possible with MariaDB 10.5, 10.4, 10.3 and the default MySQL on Ubuntu Focal. And tested it again using sqlite, all seems to be ok on all tables. resolves #1081. resolves #1065, resolves #1050
2020-09-22 12:13:02 +02:00
{
Ok(_) => Ok(()),
// Record already exists and causes a Foreign Key Violation because replace_into() wants to delete the record first.
Err(diesel::result::Error::DatabaseError(diesel::result::DatabaseErrorKind::ForeignKeyViolation, _)) => {
diesel::update(org_policies::table)
.filter(org_policies::uuid.eq(&self.uuid))
.set(OrgPolicyDb::to_db(self))
.execute(conn)
.map_res("Error saving org_policy")
}
Err(e) => Err(e.into()),
}.map_res("Error saving org_policy")
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
}
postgresql {
let value = OrgPolicyDb::to_db(self);
// We need to make sure we're not going to violate the unique constraint on org_uuid and atype.
// This happens automatically on other DBMS backends due to replace_into(). PostgreSQL does
// not support multiple constraints on ON CONFLICT clauses.
diesel::delete(
org_policies::table
.filter(org_policies::org_uuid.eq(&self.org_uuid))
.filter(org_policies::atype.eq(&self.atype)),
)
.execute(conn)
.map_res("Error deleting org_policy for insert")?;
diesel::insert_into(org_policies::table)
.values(&value)
.on_conflict(org_policies::uuid)
.do_update()
.set(&value)
.execute(conn)
.map_res("Error saving org_policy")
}
}
Initial version of policies
2020-03-14 13:22:30 +01:00
}
Async/Awaited all db methods This is a rather large PR which updates the async branch to have all the database methods as an async fn. Some iter/map logic needed to be changed to a stream::iter().then(), but besides that most changes were just adding async/await where needed.
2021-11-16 17:07:55 +01:00
pub async fn delete(self, conn: &DbConn) -> EmptyResult {
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
db_run! { conn: {
diesel::delete(org_policies::table.filter(org_policies::uuid.eq(self.uuid)))
.execute(conn)
.map_res("Error deleting org_policy")
}}
Initial version of policies
2020-03-14 13:22:30 +01:00
}
Async/Awaited all db methods This is a rather large PR which updates the async branch to have all the database methods as an async fn. Some iter/map logic needed to be changed to a stream::iter().then(), but besides that most changes were just adding async/await where needed.
2021-11-16 17:07:55 +01:00
pub async fn find_by_uuid(uuid: &str, conn: &DbConn) -> Option<Self> {
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
db_run! { conn: {
org_policies::table
.filter(org_policies::uuid.eq(uuid))
.first::<OrgPolicyDb>(conn)
.ok()
.from_db()
}}
Initial version of policies
2020-03-14 13:22:30 +01:00
}
Async/Awaited all db methods This is a rather large PR which updates the async branch to have all the database methods as an async fn. Some iter/map logic needed to be changed to a stream::iter().then(), but besides that most changes were just adding async/await where needed.
2021-11-16 17:07:55 +01:00
pub async fn find_by_org(org_uuid: &str, conn: &DbConn) -> Vec<Self> {
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
db_run! { conn: {
org_policies::table
.filter(org_policies::org_uuid.eq(org_uuid))
.load::<OrgPolicyDb>(conn)
.expect("Error loading org_policy")
.from_db()
}}
Initial version of policies
2020-03-14 13:22:30 +01:00
}
Async/Awaited all db methods This is a rather large PR which updates the async branch to have all the database methods as an async fn. Some iter/map logic needed to be changed to a stream::iter().then(), but besides that most changes were just adding async/await where needed.
2021-11-16 17:07:55 +01:00
pub async fn find_confirmed_by_user(user_uuid: &str, conn: &DbConn) -> Vec<Self> {
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
db_run! { conn: {
org_policies::table
Try to fix #1218
2020-11-07 23:01:56 +01:00
.inner_join(
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
users_organizations::table.on(
users_organizations::org_uuid.eq(org_policies::org_uuid)
.and(users_organizations::user_uuid.eq(user_uuid)))
)
Ensure that a user is actually in an org when applying policies
2020-11-07 23:14:17 +01:00
.filter(
users_organizations::status.eq(UserOrgStatus::Confirmed as i32)
)
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
.select(org_policies::all_columns)
.load::<OrgPolicyDb>(conn)
.expect("Error loading org_policy")
.from_db()
}}
Initial version of policies
2020-03-14 13:22:30 +01:00
}
Add Org user revoke feature This PR adds a the new v2022.8.x revoke feature which allows an organization owner or admin to revoke access for one or more users. This PR also fixes several permissions and policy checks which were faulty. - Modified some functions to use DB Count features instead of iter/count aftwards. - Rearanged some if statements (faster matching or just one if instead of nested if's) - Added and fixed several policy checks where needed - Some small updates on some response models - Made some functions require an enum instead of an i32
2022-08-20 16:42:36 +02:00
pub async fn find_by_org_and_type(org_uuid: &str, policy_type: OrgPolicyType, conn: &DbConn) -> Option<Self> {
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
db_run! { conn: {
org_policies::table
.filter(org_policies::org_uuid.eq(org_uuid))
Add Org user revoke feature This PR adds a the new v2022.8.x revoke feature which allows an organization owner or admin to revoke access for one or more users. This PR also fixes several permissions and policy checks which were faulty. - Modified some functions to use DB Count features instead of iter/count aftwards. - Rearanged some if statements (faster matching or just one if instead of nested if's) - Added and fixed several policy checks where needed - Some small updates on some response models - Made some functions require an enum instead of an i32
2022-08-20 16:42:36 +02:00
.filter(org_policies::atype.eq(policy_type as i32))
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
.first::<OrgPolicyDb>(conn)
.ok()
.from_db()
}}
Initial version of policies
2020-03-14 13:22:30 +01:00
}
Async/Awaited all db methods This is a rather large PR which updates the async branch to have all the database methods as an async fn. Some iter/map logic needed to be changed to a stream::iter().then(), but besides that most changes were just adding async/await where needed.
2021-11-16 17:07:55 +01:00
pub async fn delete_all_by_organization(org_uuid: &str, conn: &DbConn) -> EmptyResult {
Add support for multiple simultaneous database features by using macros. Diesel requires the following changes: - Separate connection and pool types per connection, the generate_connections! macro generates an enum with a variant per db type - Separate migrations and schemas, these were always imported as one type depending on db feature, now they are all imported under different module names - Separate model objects per connection, the db_object! macro generates one object for each connection with the diesel macros, a generic object, and methods to convert between the connection-specific and the generic ones - Separate connection queries, the db_run! macro allows writing only one that gets compiled for all databases or multiple ones
2020-08-18 17:15:44 +02:00
db_run! { conn: {
diesel::delete(org_policies::table.filter(org_policies::org_uuid.eq(org_uuid)))
.execute(conn)
.map_res("Error deleting org_policy")
}}
Initial version of policies
2020-03-14 13:22:30 +01:00
}
Add Org user revoke feature This PR adds a the new v2022.8.x revoke feature which allows an organization owner or admin to revoke access for one or more users. This PR also fixes several permissions and policy checks which were faulty. - Modified some functions to use DB Count features instead of iter/count aftwards. - Rearanged some if statements (faster matching or just one if instead of nested if's) - Added and fixed several policy checks where needed - Some small updates on some response models - Made some functions require an enum instead of an i32
2022-08-20 16:42:36 +02:00
pub async fn find_accepted_and_confirmed_by_user_and_active_policy(
user_uuid: &str,
policy_type: OrgPolicyType,
conn: &DbConn,
) -> Vec<Self> {
db_run! { conn: {
org_policies::table
.inner_join(
users_organizations::table.on(
users_organizations::org_uuid.eq(org_policies::org_uuid)
.and(users_organizations::user_uuid.eq(user_uuid)))
)
.filter(
users_organizations::status.eq(UserOrgStatus::Accepted as i32)
)
.or_filter(
users_organizations::status.eq(UserOrgStatus::Confirmed as i32)
)
.filter(org_policies::atype.eq(policy_type as i32))
.filter(org_policies::enabled.eq(true))
.select(org_policies::all_columns)
.load::<OrgPolicyDb>(conn)
.expect("Error loading org_policy")
.from_db()
}}
}
pub async fn find_confirmed_by_user_and_active_policy(
user_uuid: &str,
policy_type: OrgPolicyType,
conn: &DbConn,
) -> Vec<Self> {
db_run! { conn: {
org_policies::table
.inner_join(
users_organizations::table.on(
users_organizations::org_uuid.eq(org_policies::org_uuid)
.and(users_organizations::user_uuid.eq(user_uuid)))
)
.filter(
users_organizations::status.eq(UserOrgStatus::Confirmed as i32)
)
.filter(org_policies::atype.eq(policy_type as i32))
.filter(org_policies::enabled.eq(true))
.select(org_policies::all_columns)
.load::<OrgPolicyDb>(conn)
.expect("Error loading org_policy")
.from_db()
}}
}
Add support for the Disable Send policy Upstream refs: * https://github.com/bitwarden/server/pull/1130 * https://bitwarden.com/help/article/policies/#disable-send
2021-03-16 10:07:45 +01:00
/// Returns true if the user belongs to an org that has enabled the specified policy type,
/// and the user is not an owner or admin of that org. This is only useful for checking
/// applicability of policy types that have these particular semantics.
Add Org user revoke feature This PR adds a the new v2022.8.x revoke feature which allows an organization owner or admin to revoke access for one or more users. This PR also fixes several permissions and policy checks which were faulty. - Modified some functions to use DB Count features instead of iter/count aftwards. - Rearanged some if statements (faster matching or just one if instead of nested if's) - Added and fixed several policy checks where needed - Some small updates on some response models - Made some functions require an enum instead of an i32
2022-08-20 16:42:36 +02:00
pub async fn is_applicable_to_user(
user_uuid: &str,
policy_type: OrgPolicyType,
exclude_org_uuid: Option<&str>,
conn: &DbConn,
) -> bool {
for policy in
OrgPolicy::find_accepted_and_confirmed_by_user_and_active_policy(user_uuid, policy_type, conn).await
{
// Check if we need to skip this organization.
if exclude_org_uuid.is_some() && exclude_org_uuid.unwrap() == policy.org_uuid {
continue;
}
if let Some(user) = UserOrganization::find_by_user_and_org(user_uuid, &policy.org_uuid, conn).await {
if user.atype < UserOrgType::Admin {
return true;
Add support for the Disable Send policy Upstream refs: * https://github.com/bitwarden/server/pull/1130 * https://bitwarden.com/help/article/policies/#disable-send
2021-03-16 10:07:45 +01:00
}
}
}
false
}
Add Org user revoke feature This PR adds a the new v2022.8.x revoke feature which allows an organization owner or admin to revoke access for one or more users. This PR also fixes several permissions and policy checks which were faulty. - Modified some functions to use DB Count features instead of iter/count aftwards. - Rearanged some if statements (faster matching or just one if instead of nested if's) - Added and fixed several policy checks where needed - Some small updates on some response models - Made some functions require an enum instead of an i32
2022-08-20 16:42:36 +02:00
pub async fn is_user_allowed(
user_uuid: &str,
org_uuid: &str,
exclude_current_org: bool,
conn: &DbConn,
) -> OrgPolicyResult {
// Enforce TwoFactor/TwoStep login
if TwoFactor::find_by_user(user_uuid, conn).await.is_empty() {
match Self::find_by_org_and_type(org_uuid, OrgPolicyType::TwoFactorAuthentication, conn).await {
Some(p) if p.enabled => {
return Err(OrgPolicyErr::TwoFactorMissing);
}
_ => {}
};
}
// Enforce Single Organization Policy of other organizations user is a member of
// This check here needs to exclude this current org-id, else an accepted user can not be confirmed.
let exclude_org = if exclude_current_org {
Some(org_uuid)
} else {
None
};
if Self::is_applicable_to_user(user_uuid, OrgPolicyType::SingleOrg, exclude_org, conn).await {
return Err(OrgPolicyErr::SingleOrgEnforced);
}
Ok(())
}
Add support for the `Send Options` policy Upstream refs: * https://github.com/bitwarden/server/pull/1234 * https://bitwarden.com/help/article/policies/#send-options
2021-05-12 09:54:28 +02:00
/// Returns true if the user belongs to an org that has enabled the `DisableHideEmail`
/// option of the `Send Options` policy, and the user is not an owner or admin of that org.
Async/Awaited all db methods This is a rather large PR which updates the async branch to have all the database methods as an async fn. Some iter/map logic needed to be changed to a stream::iter().then(), but besides that most changes were just adding async/await where needed.
2021-11-16 17:07:55 +01:00
pub async fn is_hide_email_disabled(user_uuid: &str, conn: &DbConn) -> bool {
Add Org user revoke feature This PR adds a the new v2022.8.x revoke feature which allows an organization owner or admin to revoke access for one or more users. This PR also fixes several permissions and policy checks which were faulty. - Modified some functions to use DB Count features instead of iter/count aftwards. - Rearanged some if statements (faster matching or just one if instead of nested if's) - Added and fixed several policy checks where needed - Some small updates on some response models - Made some functions require an enum instead of an i32
2022-08-20 16:42:36 +02:00
for policy in
OrgPolicy::find_confirmed_by_user_and_active_policy(user_uuid, OrgPolicyType::SendOptions, conn).await
{
if let Some(user) = UserOrganization::find_by_user_and_org(user_uuid, &policy.org_uuid, conn).await {
if user.atype < UserOrgType::Admin {
match serde_json::from_str::<UpCase<SendOptionsPolicyData>>(&policy.data) {
Ok(opts) => {
if opts.data.DisableHideEmail {
return true;
Add support for the `Send Options` policy Upstream refs: * https://github.com/bitwarden/server/pull/1234 * https://bitwarden.com/help/article/policies/#send-options
2021-05-12 09:54:28 +02:00
}
}
Add Org user revoke feature This PR adds a the new v2022.8.x revoke feature which allows an organization owner or admin to revoke access for one or more users. This PR also fixes several permissions and policy checks which were faulty. - Modified some functions to use DB Count features instead of iter/count aftwards. - Rearanged some if statements (faster matching or just one if instead of nested if's) - Added and fixed several policy checks where needed - Some small updates on some response models - Made some functions require an enum instead of an i32
2022-08-20 16:42:36 +02:00
_ => error!("Failed to deserialize SendOptionsPolicyData: {}", policy.data),
Add support for the `Send Options` policy Upstream refs: * https://github.com/bitwarden/server/pull/1234 * https://bitwarden.com/help/article/policies/#send-options
2021-05-12 09:54:28 +02:00
}
}
}
}
false
}
Initial version of policies
2020-03-14 13:22:30 +01:00
}
Reference in a new issue Copy permalink